python software foundation

Top products

The 15 most recently published vulnerabilities affecting python software foundation.

• CVE-2026-7210The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection7.5May 11, 2026
• CVE-2026-3087shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs7.5Apr 27, 2026
• CVE-2026-41140Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.45.3Apr 24, 2026
• CVE-2026-6019BaseCookie.js_output() does not neutralize embedded characters6.1Apr 22, 2026
• CVE-2026-5713Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target5.6Apr 14, 2026
• CVE-2026-6100Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure8.7Apr 13, 2026
• CVE-2026-5271Possible to hijack modules in current working directory7.8Apr 1, 2026
• CVE-2026-25645Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function4.4Mar 25, 2026
• CVE-2026-4519webbrowser.open() allows leading dashes in URLs3.3Mar 20, 2026
• CVE-2026-4224Stack overflow parsing XML with deeply nested DTD content models7.5Mar 16, 2026
• CVE-2026-3644Incomplete control character validation in http.cookies7.5Mar 16, 2026
• CVE-2025-13462tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling3.3Mar 12, 2026
• CVE-2026-2297SourcelessFileLoader does not use io.open_code()5.5Mar 4, 2026
• CVE-2026-1703Limited path traversal when installing wheel archives3.5Feb 2, 2026
• CVE-2026-1299email BytesGenerator header injection due to unquoted newlines7.1Jan 23, 2026